Shedding Light on the Dark Web


Baan Alsinawi

The Dark Web is the part of the internet that is inaccessible by conventional search engines and requires special anonymizing software to access.

In colloquial terms, these are the darkest corners of the internet, where a wide span of nefarious activity takes place, as highlighted in the graphic below.

The Dark Web raises many questions, even among security professionals. Here are answers to some of the questions that surface most frequently:

How can I check to see if my information has been stolen?

You can check to see if your email address has been compromised by using https://haveibeenpwned.com. If your information is present here, it is likely available on the Dark Web as well.

What are some examples of Dark Web, or The Onion Router (TOR), sites?

The Dark Web features marketplaces, forums, search engines, paste sites, social media sites, and chat rooms.

What actors use the Dark Web?

Six categories of threat actors exist on the Dark Web:

  1. Nation-states that utilize Advanced Persistent Threat (APT) tactics use the Dark Web for reconnaissance and espionage purposes.
  2. Cybercriminals often use marketplaces in order to achieve monetary benefit.
  3. Hacktivists attempt to establish a social or political cause across all different types of platforms.
  4. Terrorists seek to spread propaganda and recruit.
  5. Insiders are motivated by a variety of factors, but oftentimes leak sensitive data onto the Dark Web for reprisal against their employer or for financial gain.
  6. Lastly, there are curious threat intelligence analysts who want to learn more from the Dark Web, assist in bug bounty programs, or enhance their technical skillsets.

What are some case studies of Dark Web sites?

Various data is stolen and sold on the Dark Web. Below are just a few examples:

  • Financial information: Credit and debit cards are sold across many forums and marketplaces. Stolen cards come from all countries and data breaches. Oftentimes, they are sold for as little as $1. Tax data, including W-2 forms, are also popularly sold on the Dark Web. Please see the image below of the popular “carding” forum, Joker’s Stash.
  • Personal information: Everything from names, addresses, Social Security Numbers (SSN), dates of birth, and even an associated Starbucks account, is sold on the Dark Web. When this information is compiled together and sold in a transaction, these data dumps are called “fullz” because they contain all of a person’s identifiable information.
  • Health records: Although health records are harder to find, they are becoming more available by the day. This is a growing concern and a vulnerability for the future.
  • Miscellaneous: Drugs are everywhere on the Dark Web – you can purchase virtually any prohibited item imaginable. Moreover, you can purchase or simply download information that can be damaging to an individual – such as stolen information from the extramarital dating website Ashley Madison. You can also purchase a hacker or exploit to carry out an attack against an organization of your choosing. The possibilities are limitless.

Anything else you would like to add about the Dark Web?

I want to note that the underground criminal community has expanded to encompass anything you can imagine – goods, hitmen, even “hacker clothes.” Most of the websites have an Amazon-type feel to them, in which buyers provide seller feedback and note the authenticity of the stolen goods/services/information. The majority of transactions are handled in cryptocurrency (usually bitcoin), mail forwards, and electronic gift cards. I don’t encourage anyone to do their Christmas shopping here, though.

About the author: Wanda Archy is a cyber threat intelligence specialist focused on Dark Web investigations. Currently, Wanda is a Supervisor in RSM’s Security, Privacy, and Risk services. She received her Master’s degree in Security Studies and Bachelor’s degree in Science, Technology, and International Affairs from Georgetown University. Wanda has her CISSP, CEH, and Security+ certifications, and speaks Russian.

[ISACA Now Blog]
